(57) ABSTRACT

A computer based encryption and decryption system and method provides content analysis through a content inspection mechanism, such as detection of a computer virus using a virus detection algorithm based on determining whether digital input information is encrypted. The content inspection mechanism analyzes decrypted content for such things as virus patterns, keywords, unknown program format, or any other content based criteria. The system generates a decryption request to decrypt encrypted digital input information prior to applying content analysis, such as virus detection. In response to the decryption request, the system decrypts the encrypted information prior to content analysis such as virus detection and applies a content analysis application, such as a virus detection algorithm, to the decrypted data. If desired, when the decryption requires access to cryptographic keys which the decryptor does not have immediate access to, keys may be acquired from a controlled key repository through use of key release agent methods.

39 Claims, 3 Drawing Sheets
ENCRYPTION AND DECRYPTION SYSTEM AND METHOD WITH CONTENT ANALYSIS PROVISION

BACKGROUND OF THE INVENTION

The invention relates generally to computer based encryption and decryption systems and more particularly to computer based encryption and decryption systems having content analysis mechanisms such as computer virus detection.

Computer networks containing cryptographic systems offer secure transmission and receipt of electronic data including images or other information. Such systems are increasingly desirable in view of the transfer of electronic information including business documents and other information over local networks and global networks. Also, content analysis mechanisms, such as virus detection mechanisms, are known which detect commonly known viruses on a computer, or viruses travelling through or over networks. However, typical content analysis systems, such as virus detection mechanisms, can not generally operate properly on encrypted documents since the content analysis tools typically must be applied to clear text files; for example, virus detection programs are not generally designed to decrypt encrypted information. Consequently, where a user has a virus detection mechanism such as a software application on a computer and also has encrypted documents on the computer, a virus may go undetected and become a latent destruction source when the document is decrypted and [...].

For example, typical virus detection programs will search a computer's hard drive or network server and only detect viruses in fully decoded information packets such as e-mail files and other files. Encrypted documents, however, cannot generally be analyzed to determine whether a virus is contained within the encrypted content. Hence a user may receive a notification by the virus detection system that no viruses have been detected when in fact viruses are still present in encrypted documents and are unleashed upon launching of the program through a decryption system.

Also, some networks are arranged to have a perimeter or firewall which may be a server through which all electronic information is first passed before being transferred to other networked computers within the perimeter to provide additional security. Such systems offer controlled screening of unwanted information through a common point prior to dissemination to other computers within a network. Some of these fire-walled or perimeter based computer network systems are known to have virus detection at the perimeter. However, such perimeter control systems do not typically detect viruses or other specified content in encrypted documents being passed through the perimeter. Hence, a virus may be embedded in the encrypted information and may be allowed to infect the computers within the perimeter when the information is opened (decrypted). The encrypted information may also contain other undesired content which the perimeter control system is designed to filter out, but the analysis required to carry out such filtering is not possible when the information to be analyzed is encrypted.

Consequently, there exists a need for a computer based encryption and decryption system that provides content analysis, such as detection of a computer virus in encrypted information. Such a system should facilitate content inspection to provide a real-time communication of unauthorized content in encrypted files.

BRIEF DESCRIPTION OF THE DRAWINGS

The features of the present invention, together with the advantages thereof, may be understood by reference to the following description taken in conjunction with the accompanying drawings wherein:

FIG. 1 is a block diagram generally depicting one embodiment of an encryption and decryption system with virus detection in accordance with one embodiment of the invention;

FIG. 2 is a flowchart generally illustrating a method for detecting specified content, such as a virus, in an encryption and decryption system in accordance with one embodiment of the invention;

FIG. 3 is a flowchart generally showing an encryption/decryption system wherein a virus detection application launches a decryption process upon detection of encrypted incoming data in accordance with one embodiment of the invention;

FIG. 4 is a block diagram generally illustrating a perimeter [...] containing an [...] encryption and decryption system with content inspection capabilities in accordance with one embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

A computer based encryption and decryption system is disclosed which provides content analysis through a content inspection mechanism, such as detection of a computer virus using a virus detection mechanism, based on determining whether digital input information is encrypted. The content inspection mechanism analyzes decrypted content for such things as virus patterns, keywords, unknown program format, or other content based criteria. [...] for example removal of a detected virus, [...] of unknown format or non-approved [...] containing specific key words for [...]. The system generates a decryption request to decrypt encrypted digital input information prior to applying content analysis, such as virus detection. In response to the decryption request, the system decrypts the encrypted information prior to virus detection and applies a content analysis application, such as a virus detection algorithm, to the decrypted data. This may be done prior to allowing use of the decrypted digital information by other computers or prior to transferring data to other applications on a computer.

In an alternative embodiment, the cryptographic system determines whether digital input information is encrypted and generates a content analysis request, such as a virus detection request, to launch a virus detection algorithm or other content analysis algorithm. For example, the system decrypts the detected encrypted digital input information and applies virus detection to the decrypted digital information in response to the request, prior to allowing use or transfer of the decrypted digital input information.

Where the disclosed system is applied to a computer network configured with a perimeter control system, the system generates a decryption request to decrypt the encrypted information prior to applying a content inspection mechanism. Or conversely, the system generates a content analysis request to analyze incoming content after decryption.

Preferably, the system decrypts and runs virus detection on each document or file as the file is initially received by the computer or prior to transferring of the data for use by a target application. Such a real time process can prevent a
virus from being unknowingly unleashed as the file is first encountered by the system, as compared to conventional systems that would have otherwise allowed the virus to go undetected as an encrypted document. Also, if desired, the combined decryption and content analysis, such as virus detection, can be run as a batch analysis as part of a maintenance program to decrypt all files in a hard drive or network server on a pre-determined schedule to check for viruses in decrypted documents. If desired, the content analysis application can be run on a file server which contains a backup copy of data. Significant results of any content analysis can then be summarized and conveyed for use on the original files, with the advantage that performance penalties of the overall analysis are minimized for online systems containing the original files.

In another embodiment, the system uses a controlled cryptographic key repository, such as a secure network server or third party holder of cryptographic keys, as a key release agent (KRA) for releasing cryptographic keys for use in content analysis of data encrypted for a number of different users. The released keys are used in decrypting the incoming content, such as in a networked perimeter system having a common repository that receives all incoming messages, or when performing a batch analysis of encrypted files. The system applies decryption on the repository data and then tags the data or sends subsequent notification to another recipient within the perimeter as to whether an encrypted document may contain a virus or other content requiring special processing or filtering.

FIG. 1 depicts a portion of a computer system having a cryptographic software application 10 for accessing memory 12 that receives incoming data 14. The cryptographic software application 10 accesses memory 12 to decrypt encrypted data. The cryptographic application may be a public key cryptographic system or symmetric key system, or a combination of the two or any other suitable cryptographic system. Upon detection that incoming data 14 is encrypted, the cryptographic application 10 generates a content inspection request, such as a virus detection request 16, to launch a content inspection application 18 which provides content analysis on desired data. The cryptographic application 10 and content inspection application 18 may be stored on a storage medium such as a CD ROM, diskettes, hard drive or other suitable memory device and are programs that are executable by a computer to facilitate operation of the system as further set forth below.

The content inspection application 18 receives decrypted data from memory as decrypted and stored by the cryptographic application 10. The content inspection application 18, such as a virus detection program, analyzes the decrypted data to determine whether or not predefined content is contained in the decrypted data, or to determine what further action or processing should be applied to the data under inspection. For example, where the packet content inspector 18 is a virus detection application, the cryptographic application 10 launches the virus detection application after decryption of the data or a portion of the data has been completed. The virus detection application then evaluates the decrypted data to determine, for example, whether or not an infection is present in the data and generates inspection status data 20, such as infection status data. Consequently, unlike conventional cryptographic systems, virus detection is launched by the cryptographic application and performed on decrypted data so that latent viruses are not present in the stored data.

FIG. 2 shows one embodiment of the system of FIG. 1 as applied to a virus detection evaluation. As shown in block 22, a user, such as a software application or other process on a computer in a network or a perimeter guard computer (e.g., gateway or firewall), starts the decryption service by logging into the cryptographic system and obtaining access to keys to the cryptographic system for the user. Where all files are stored in various memories, and a batch or bulk virus detection is required, the user or perimeter guard launches the security process or cryptographic application 10 as indicated in block 24. The cryptographic application causes the computer to scan all data on the system (or alternatively, just a single file) as indicated in block 26. The cryptographic application opens files or data stored in memory as shown in block 28. The cryptographic application 10 then determines whether the file or data is encrypted by analyzing, for example, a file header. This is shown in block 30. If the file is determined to be encrypted by the cryptographic application, the security system prepares to decrypt the file or data as indicated in block 32. As used herein, a file may be any digital information in any form, and data may include packets of any type of digital information or any other data structures other than packets.

The cryptographic application assesses whether the user has access to the decryption keys or whether necessary decryption keys need to be obtained from another source, as indicated in block 34. For example, where the batch of data to be decrypted and analyzed is from many different users with varying encryption keys, the cryptographic system may have to obtain additional decryption key information from another source. If the computer performing the decryption has access to the decryption keys, the cryptographic application decrypts the data or file as shown in block 36. The cryptographic application then sends a content inspection request, such as a virus detection request, to launch the virus detection application as indicated in block 38. The virus detection application 18 then analyzes the decrypted data to determine whether a virus is present within the data as indicated in blocks 40 and 42.

If the data is infected, the virus detection application indicates that disinfection of the virus should be done. This communication is performed via infection status data 20. This is shown in block 44. If the data is not infected, the cryptographic application goes to the next data or file as shown in block 46, and opens the file or data as shown in block 28. This process continues for all inspected files and may be performed on a per data packet (or file) basis in real-time upon receipt of incoming data, if desired, instead of a bulk inspection process. In this way, e-mail or other data that is encrypted may be immediately evaluated for a virus prior to being further transmitted to other computers in the network. If desirable, the virus detection application (content analysis application) and cryptographic application can be running continuously in background.

Referring back to block 34, if the system determines that the cryptographic application 10 does not have access to the decryption keys, the system determines if the keys may be available from some other source such as a key release agent, as indicated in block 50. If the key release agent does not have access to the keys, the user is optionally warned as indicated in block 52 and the system continues with the next file or data packet as shown in block 46. Where certain keys can not be obtained, certain data in the batch can not be decrypted and analyzed. The system 10 records the data that was not decrypted and analyzed in a file so that an operator may later check the files that were not evaluated.

If the keys are available from such another source, however, the cryptographic application 10 loads the decrypt keys and decrypts the data as indicated in block 54. With the key release mechanism, the cryptographic application is an access controlled decryption mechanism. Preferably, the key release agent releases a decryption key to the decryptor of the cryptographic system based on predetermined access control criteria, as known in the art. For example, if the cryptographic system uses public-private key pairs, obtaining the keys from the key release agent may be performed as described in U.S. Pat. No. 5,481,613 entitled "Computer Network Cryptographic Key Distribution System" issued Jan. 2, 1996 to Ford et al, which is hereby incorporated by reference. However, any suitable key release methodology or system may be used.

If desired, a key release agent can be a fully integrated part of the user system. In other words, an organization, such as a corporation, can have a secure server acting as a key release agent on behalf of users in the corporation. Otherwise a third party may serve as the key release agent if desired. Although not limited to bulk analysis systems, the key release agent offers an advantage where the data stored in the batch is for a number of different users with differing decryption keys because the necessary keys can be obtained from the same source if needed.
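The FIG. 2 flow described above, as an added Python example that is not code from the patent: the header check of block 30, the local-key test of block 34 with the key release agent fallback of block 50, decryption in blocks 36 and 54, inspection in blocks 38 to 42, and the operator record of files that could not be analyzed from block 52. It assumes a constructed container format marked by an `ENC1` header, an HMAC-SHA256 keystream (`keystream_xor`) standing in for the cryptographic application's cipher, and a constructed signature and keyword list; `KeyReleaseAgent`, `batch_scan` and `run_demo` are names chosen for the example.

```python
"""Decrypt-then-inspect batch scan, following the FIG. 2 flow (blocks 26-54)."""
import hashlib
import hmac
import struct

MAGIC = b"ENC1"  # constructed container marker; block 30 keys off a header like this


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    Illustrative only; a production system would use an authenticated cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack(">Q", offset // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(key_id: str, key: bytes, plaintext: bytes) -> bytes:
    """Container layout (constructed): MAGIC | key-id length (1 byte) | key id | ciphertext."""
    kid = key_id.encode()
    return MAGIC + bytes([len(kid)]) + kid + keystream_xor(key, plaintext)


def is_encrypted(blob: bytes) -> bool:
    """Block 30: classify by file header; no decryption is attempted here."""
    return blob.startswith(MAGIC)


def parse_header(blob: bytes):
    """Split a sealed container into (key id, ciphertext)."""
    n = blob[len(MAGIC)]
    start = len(MAGIC) + 1
    return blob[start:start + n].decode(), blob[start + n:]


class KeyReleaseAgent:
    """Controlled key repository (block 50): releases a key only when the
    (requester, key id) pair satisfies the access-control criteria, else None."""

    def __init__(self, keys: dict, allowed: set):
        self._keys = keys
        self._allowed = allowed  # set of (requester, key_id) pairs

    def release(self, requester: str, key_id: str):
        if (requester, key_id) in self._allowed:
            return self._keys.get(key_id)
        return None


# Constructed pattern database: virus signatures and policy keywords.
SIGNATURES = [b"X-TEST-VIRUS-PATTERN", b"X-TEST-WORM-PATTERN"]
KEYWORDS = [b"CONFIDENTIAL", b"EXPORT-CONTROLLED"]


def inspect(plaintext: bytes) -> dict:
    """Blocks 40-42: content analysis, applied to decrypted data only."""
    hits = [s.decode() for s in SIGNATURES if s in plaintext]
    words = [k.decode() for k in KEYWORDS if k in plaintext]
    return {"infected": bool(hits), "signatures": hits, "keywords": words}


def batch_scan(files: dict, local_keys: dict, kra: KeyReleaseAgent, requester: str):
    """Blocks 26-54: open each file, decrypt when the header says it is encrypted,
    inspect, and record anything that could not be decrypted for the operator."""
    report, not_analyzed = {}, []
    for name, blob in files.items():
        if not is_encrypted(blob):                  # block 30
            report[name] = inspect(blob)
            continue
        key_id, ciphertext = parse_header(blob)
        key = local_keys.get(key_id)                # block 34: local key access?
        if key is None:
            key = kra.release(requester, key_id)    # block 50: ask the key release agent
        if key is None:
            not_analyzed.append(name)               # block 52: warn, record, move on
            continue
        plaintext = keystream_xor(key, ciphertext)  # block 36 or 54
        report[name] = inspect(plaintext)           # blocks 38-42
    return report, not_analyzed


def run_demo():
    """Constructed sample batch: one cleartext file and three sealed files."""
    local_keys = {"alice": b"alice-key-constructed"}
    kra = KeyReleaseAgent(
        keys={"bob": b"bob-key-constructed", "carol": b"carol-key-constructed"},
        allowed={("perimeter-guard", "bob")},       # carol's key is not releasable to the guard
    )
    files = {
        "memo.txt": b"plain meeting notes",
        "alice.enc": seal("alice", local_keys["alice"], b"invoice X-TEST-VIRUS-PATTERN attached"),
        "bob.enc": seal("bob", b"bob-key-constructed", b"CONFIDENTIAL merger terms"),
        "carol.enc": seal("carol", b"carol-key-constructed", b"cannot be inspected by the guard"),
    }
    return batch_scan(files, local_keys, kra, requester="perimeter-guard")


if __name__ == "__main__":
    report, skipped = run_demo()
    for name, result in report.items():
        print(name, result)
    print("not analyzed (keys unavailable):", skipped)
```

The point the flowchart makes, and that the example preserves, is that inspection never runs on ciphertext: a file whose key is neither local nor releasable is reported as unanalyzed rather than silently passed as clean.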

FIG. 3 shows another embodiment of the invention wherein incoming data 14 is first evaluated by content inspector application 18, such as a virus detection application, to determine whether the incoming data is encrypted. Preferably, the inspector 18 requests a user to enter data to effect login into the cryptographic application to facilitate decryption if necessary. If the content analysis application determines that the incoming data is encrypted, the content analysis application generates a decryption request signal 60 to notify the cryptographic application to decrypt the incoming data. The cryptographic application receives the encrypted data from the memory and causes the decrypted data to be stored back in memory 12. The decrypted data is then analyzed by the content inspection application 18, such as a virus detection application, to determine whether an infection in the data exists. Consequently, the virus detection application, or content inspector 18, launches a decryption application in response to incoming data.

FIG. 4 shows a perimeter or firewall controlled computer network 62 having a perimeter control computer 64 through which all incoming data is channeled. The perimeter control computer 64 contains a software based encryption/decryption/content analysis agent 65 that may be a content analysis program 18 that requests launch of a decryption application 10, or a decryptor in a cryptographic application that requests launch of a content analysis program 18, or a combination of both. The decryptor in the perimeter control computer 64 is an access controlled decryption mechanism as previously mentioned, and the network 62 further includes a key release agent 66 in operative communication with the perimeter control computer 62 for releasing the decryption key to the decryptor based on access control criteria met by information sent from the perimeter control computer or other suitable access mechanisms. Access control criteria can be standard challenge-response techniques as known in the art.

The network 62 includes a common file storage device or memory unit such as repository 68 within the perimeter controlled network 62, that is accessible by the perimeter control computer. The common repository 68 stores the encrypted digital input information and stores decrypted (or the originally encrypted) information prior to dissemination of decrypted information to computer nodes 70a and 70b within the network 62. The perimeter control computer periodically activates the encryption/decryption/content analysis agent 65 to detect encrypted data when needed, providing content analysis in encrypted digital information to perform batch content analysis in encrypted files stored in the repository. Periodic activation includes continually running the encryption/decryption/content analysis agent 65 in background.

In operation, the network 62 receives incoming data, wherein data is stored in the common repository 68 through the perimeter control computer 64. The encryption/decryption/content analysis agent 65 loaded on the perimeter computer 64 generates a decryption request to decrypt the encrypted information in the common repository 68 prior to applying a content inspection mechanism as previously described with reference to FIG. 2. Or conversely, the agent 65 generates a content analysis request to analyze incoming content after decryption as previously described with reference to FIG. 3. If desired, the incoming data can first be stored in the common repository 68 to store the encrypted digital input information. The encryption/decryption/content analysis agent 65 determines whether the incoming data is encrypted and requests a decryption key release from the key release agent 66.

If release is authorized, the encryption/decryption/content 
analysis agent 65 decrypts and stores decrypted information 
for content analysis prior to dissemination of decrypted 
information to computer nodes 70a or 70b within the 
network 62. The decrypted information is stored in the 
repository 68, which may be disk storage or other memory 
such as RAM in the perimeter guard computer. 

The content analyzer, such as a virus detection algorithm, determines whether specified data is present in the decrypted information. The perimeter computer then sends a message to the target user of the incoming information notifying the user that the data contains a virus or contains other specified content. Alternatively, the encryption/decryption/content analysis agent 65 tags the encrypted file sent to the user or tags the data in the repository so other users are appropriately notified. If desired, the encryption/decryption/content analysis agent 65 can notify the perimeter computer to delete the infected data from the network to avoid spread of a virus. Similarly, when the content analysis detects other criteria, the encryption/decryption/content analysis agent 65 can filter the appropriate data and flag files as containing special keywords, labels or other criteria.
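The per-message perimeter guard operation of FIG. 4 described above (decrypt at the gateway, inspect, then notify and delete, or pass the data on), as an added Python example that is not the patent's own code. It assumes a constructed message format whose header is plain data listing each recipient with a wrapped copy of the content key, a guard that holds its own key locally instead of asking a key release agent, and one-line XOR stand-ins (`xor_bytes`, `wrap_key`) for the content cipher and for the key wrapping; `PerimeterGuard`, `build_message` and the banned-pattern list are constructed for the example.

```python
"""Perimeter guard as an extra recipient: the header carries a wrapped content
key per recipient, the guard unwraps with its own locally held key, inspects the
cleartext in memory only, then forwards the still-encrypted message to the real
recipients, or deletes it and notifies them."""
import hashlib
import hmac
import json
import struct


def xor_bytes(key: bytes, data: bytes) -> bytes:
    """One-line stand-in for a cipher (repeating-key XOR); illustrative only."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def wrap_key(recipient_secret: bytes, content_key: bytes) -> bytes:
    """Stand-in for public-key wrapping: XOR the 32-byte content key with a pad
    derived from the recipient's secret. Applying it a second time unwraps."""
    pad = hmac.new(recipient_secret, b"wrap-content-key", hashlib.sha256).digest()
    return xor_bytes(pad, content_key)


def build_message(recipient_secrets: dict, content_key: bytes, plaintext: bytes) -> bytes:
    """Sender side, constructed format: 4-byte header length | JSON header | body.
    The header is data only (recipient names and wrapped keys), never code."""
    header = {"recipients": {name: wrap_key(secret, content_key).hex()
                             for name, secret in recipient_secrets.items()}}
    hdr = json.dumps(header, sort_keys=True).encode()
    return struct.pack(">I", len(hdr)) + hdr + xor_bytes(content_key, plaintext)


def split_message(blob: bytes):
    """Parse the header as data; nothing in it is executed."""
    n = struct.unpack(">I", blob[:4])[0]
    return json.loads(blob[4:4 + n]), blob[4 + n:]


class PerimeterGuard:
    """The perimeter control computer: holds its own key locally (no key release
    agent), decrypts into RAM, inspects, and decides routing per message."""

    def __init__(self, name: str, secret: bytes, banned_patterns: list):
        self.name, self.secret, self.banned = name, secret, banned_patterns
        self.log = []  # content analysis status records for a security officer

    def process(self, blob: bytes) -> dict:
        header, body = split_message(blob)
        recipients = header.get("recipients", {})
        wrapped = recipients.get(self.name)
        if wrapped is None:
            # The guard was not listed as a recipient, so it cannot inspect:
            # hold the message instead of passing it through unanalyzed.
            decision = {"action": "hold", "reason": "guard is not a recipient"}
        else:
            content_key = wrap_key(self.secret, bytes.fromhex(wrapped))
            cleartext = xor_bytes(content_key, body)  # exists only in memory here
            hits = [p.decode() for p in self.banned if p in cleartext]
            targets = sorted(r for r in recipients if r != self.name)
            if hits:
                decision = {"action": "delete", "notify": targets, "hits": hits}
            else:
                # Clean: route the message onward exactly as it arrived, encrypted.
                decision = {"action": "forward", "to": targets, "payload": blob}
        self.log.append({k: v for k, v in decision.items() if k != "payload"})
        return decision


def run_demo():
    """Constructed keys and three messages; returns decisions, the clean message, and the log."""
    secrets = {"guard": b"guard-secret-constructed", "alice": b"alice-secret-constructed"}
    guard = PerimeterGuard("guard", secrets["guard"], [b"X-TEST-VIRUS-PATTERN"])
    content_key = hashlib.sha256(b"constructed-content-key").digest()
    clean = build_message(secrets, content_key, b"quarterly figures attached")
    infected = build_message(secrets, content_key, b"open me: X-TEST-VIRUS-PATTERN")
    opaque = build_message({"alice": secrets["alice"]}, content_key, b"guard cannot read this")
    decisions = [guard.process(m) for m in (clean, infected, opaque)]
    return decisions, clean, guard.log


if __name__ == "__main__":
    for d in run_demo()[0]:
        print({k: v for k, v in d.items() if k != "payload"})
```

The third message shows the failure mode a gateway has to decide on: if the sender did not address the guard, the guard has no key and therefore no analysis, so the example holds the message rather than forwarding an unanalyzed copy.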

If desired, the content analysis application can be run on a file server which contains a backup copy of data. A batch decryption and content analysis operation is performed on all of the backup copies. Significant results of any content analysis can then be summarized and conveyed for use on the original files by the server, with the advantage that performance penalties of the overall analysis are minimized for online systems containing the original files. Hence the server generates content analysis status information and sends the information to an appropriate node in the network designated as a user, owner or administrator of the file or packet.

Alternatively, data sent to the perimeter control computer, such as messages or packets or other data, are structured so that the perimeter guard computer is a recipient that filters each message in real time prior to transferring encrypted or decrypted data to a designated recipient within the network perimeter. The perimeter guard computer is preferably designated in a header, that may be transparent to operators of the system, along with other recipients in a message. In a public-private key cryptographic system, for example, the perimeter control computer keeps its own private decryption key locally so no key release agent is needed. Hence the perimeter control computer is an extra virtual recipient for which messages are encrypted. The received incoming data is temporarily stored in the perimeter guard computer memory (RAM) for decryption and analysis and immediately processed by the perimeter guard control computer to facilitate real-time analysis and filtering. Upon completion of processing, the input information is forwarded to the designated recipient.

The data header includes the decryption information for the perimeter control computer and other recipients so that each intended recipient can decrypt the message from a copy of the same message. Hence, under control of the encryption/decryption/content analysis agent 65, the perimeter guard computer temporarily stores the encrypted digital input information so that it can apply decryption on the message using the header decryption information as the data is received, prior to routing the incoming data to the designated recipient(s). Preferably, the data is routed as originally encrypted data to the recipient after content analysis has been performed. The data decrypted for content analysis may alternatively be re-encrypted at the perimeter by the perimeter control computer, or forwarded to the recipient(s) as cleartext if the environment within the perimeter is fully trusted.

Results of any content analysis can then be conveyed to a security officer terminal or to the recipient, or recorded in a local file which can subsequently be consulted by administrative personnel or end-users. For example, if undesired content is detected, the data can be deleted and not forwarded to the recipient. If certain content is found, a copy of the data can be stored in the common repository for analysis by another system, such as a security system. Hence the server generates content analysis status information and sends the information to an appropriate node in the network designated as a recipient of the data (file) or packet.

Accordingly, the disclosed system may perform real time processing of messages or other data passing through the firewall before allowing the message to be passed to a designated recipient. The system may also be configured to perform non-real time decryption and analysis using a store-and-forward approach by storing incoming data in a repository and analyzing the data before sending the data to a recipient. Also, the system may be configured to provide off-line analysis at the perimeter, but the data is forwarded to the intended recipient and a copy is kept at the repository and analyzed independent of the unanalyzed copy that was forwarded on to the recipient.

It should be understood that the implementation of other variations and modifications of the invention in its various aspects will be apparent to those of ordinary skill in the art, and that the invention is not limited by the specific embodiments described. It is therefore contemplated to cover by the present invention any and all modifications, variations, or equivalents that fall within the spirit and scope of the basic underlying principles disclosed and claimed herein.

What is claimed is:

1. A computer based encryption and decryption system comprising:
means for providing content analysis having means for determining whether digital input information that includes at least a part of one of a file, document and a body of a message is encrypted using a cryptographic key and for generating a decryption request to decrypt the encrypted digital input information prior to applying content analysis to facilitate content analysis within encrypted digital input information; and
means, responsive to the decryption request and the digital input information, for decrypting the encrypted digital input information prior to commence of the content analysis using a private decryption key of a public key pair, apart from within the content to facilitate controlled content analysis wherein content analysis includes performing virus detection to facilitate eradication of a detected virus, wherein decrypting is done without using decryption executables contained in a header corresponding to the digital input information, if a header is present.

2. The encryption and decryption system of claim 1 wherein the means for providing content analysis facilitates commencement of content analysis upon completed launch of a decrypting operation of the encrypted digital input information to facilitate content analysis prior to allowing subsequent use of the decrypted digital input information on a computer system.

3. The encryption and decryption system of claim 1 wherein the means for providing content analysis facilitates commencement of content analysis upon completed launch of a decrypting operation of the encrypted digital input information to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information.

4. The encryption and decryption system of claim 1 wherein the system is on a computer network having a file storage device containing digital information in files for at least one network user and the system includes means for periodically activating the means for providing content analysis in encrypted digital information to perform batch content analysis in encrypted files stored in the file storage device.

5. The system of claim 1 wherein the means for decrypting receives released cryptographic keys for use in content analysis of data stored for a number of users from a controlled cryptographic key repository.

6. The system of claim 5 wherein the controlled cryptographic key repository releases a decryption key to the means for decrypting based on predetermined access control criteria.

7. The system of claim 1 wherein the means for providing content analysis controls a perimeter guard computing device to perform real time content analysis of the digital input information passing through the perimeter before allowing the digital input information to be passed to a designated recipient.

8. The system of claim 1 further including a repository within a perimeter controlled network, operatively coupled to the means for decrypting and to the means for providing content analysis, for storing decrypted information for content analysis prior to dissemination of the digital input information within the network.

9. A computer based encryption and decryption system comprising:
means for determining whether digital input information that includes at least one of a file, document and at least part of a body of a message is encrypted using a cryptographic key and for generating a content analysis request;
means, responsive to the means for determining, for decrypting detected encrypted digital input information using a private decryption key of a public key pair, apart from within the content to facilitate controlled content analysis; and
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means, responsive lo the content analysis request, for 
applying content analysis to the decrypted digital input 
information wherein content analysis includes perform- 
ing virus detection to facilitate eradication of a detected 
virus, wherein decrypting is done without using 
decryption executables contained in a header corre- 
sponding to the digital input information, if a header is 
present. 

10. The encryption and decryption system of claim 9 wherein the means for determining facilitates commencement of content analysis upon completed launch of a decrypting operation of the encrypted digital input information to facilitate content analysis prior to allowing subsequent use of the decrypted digital input information on a computer system.

11. The encryption and decryption system of claim 9 wherein the means for applying content analysis facilitates commencement of content analysis upon completed launch of a decrypting operation of the encrypted digital input information to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information.

12. The encryption and decryption system of claim 9 wherein the system is in a computer network having a file storage device containing digital information in files for multiple network users and the system includes means for periodically activating the means for generating the content analysis request to perform batch content analysis in encrypted files stored in the file storage device.

13. The system of claim 9 wherein the means for decrypt- 
ing receives released cryptographic keys for use in content 
analysis of data encrypted for a number of different users 
from a controlled cryptographic key repository. 

14. The system of claim 13 wherein the controlled cryp- 
tographic key repository releases a decryption key to the 
means for decrypting based on predetermined access control 
criteria. 

15. The system of claim 9 wherein the means for applying content analysis controls a perimeter guard computing device to perform real time content analysis of the digital input information passing through the perimeter before allowing the digital input information to be passed to a designated recipient.

16. The system of claim 9 including a repository within a perimeter controlled network, operatively coupled to the means for decrypting and to the means for applying content analysis, for storing decrypted information prior to dissemination of the digital input information within the network.

17. An encryption and decryption method comprising:

providing content analysis by determining whether digital input information that includes at least one of a file, document and at least part of a body of a message is encrypted and generating a decryption request to a decryptor to decrypt the encrypted digital input information prior to applying content analysis to facilitate content analysis within the encrypted digital input information; and

decrypting the encrypted digital input information prior to completion of the content analysis wherein content analysis includes performing virus detection to facilitate eradication of a detected virus, wherein decrypting is done without using decryption executables contained in a header corresponding to the digital input information, if a header is present.

18. The encryption and decryption method of claim 17 wherein the step of providing content analysis includes commencing content analysis upon completed launch of a decrypting operation of the encrypted digital input information to facilitate content analysis prior to allowing subsequent use of the decrypted digital input information on a computer system.

19. The encryption and decryption method of claim 17 wherein the method is performed on a computer network having a file storage device containing digital information in files for multiple network users and the method includes periodically activating content analysis in encrypted digital information to perform batch content analysis in encrypted files stored in the file storage device.

20. The encryption and decryption method of claim 17 wherein the step of providing content analysis includes commencing content analysis upon completed launch of a decrypting operation of the encrypted digital input information to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information on a computer system.

21. The method of claim 17 wherein decrypting includes receiving released cryptographic keys for use in content analysis of data stored for a number of different users from a controlled cryptographic key repository.

22. The method of claim 21 wherein the controlled cryptographic key repository releases a decryption key for decrypting based on predetermined access control criteria.

23. The method of claim 21 further including providing a repository within a perimeter controlled network for storing decrypted information prior to dissemination of the digital input information within the network.

24. The method of claim 17 wherein the step of providing content analysis includes controlling a perimeter guard computing device to perform real time content analysis of the digital input information passing through a perimeter before allowing the digital input information to be passed to a designated recipient.

25. A computer based encryption and decryption method comprising:

determining whether digital input information that includes at least one of a file, document and at least part of a body of a message is encrypted;

generating a content analysis request based on the determination;

decrypting detected encrypted digital input information, wherein decrypting is done without using decryption executables contained in a header corresponding to the digital input information, if a header is present; and

applying content analysis to the decrypted digital input information wherein content analysis includes performing virus detection to facilitate eradication of a detected virus.

26. The encryption and decryption method of claim 25 wherein the step of applying content analysis includes commencing content analysis upon completed launch of a decrypting operation of the encrypted digital input information to facilitate content analysis prior to allowing subsequent transfer of the decrypted digital input information on a computer system.

27. The encryption and decryption method of claim 25 wherein the step of applying content analysis includes commencing content analysis upon completed launch of a decrypting operation of the encrypted digital input information to facilitate content analysis prior to allowing subsequent use of the decrypted digital input information on a computer system.

28. The encryption and decryption method of claim 25 wherein the method is performed on a computer network having a file storage device containing digital information in files for multiple network users and the method includes periodically activating content analysis in encrypted digital information to perform batch content analysis in encrypted files stored in the file storage device.

29. The method of claim 25 wherein decrypting includes receiving released cryptographic keys for use in content analysis of data stored for a number of different users from a controlled cryptographic key repository.

30. The method of claim 29 wherein the controlled cryptographic key repository releases a decryption key for decrypting based on predetermined access control criteria.

31. The method of claim 29 further including providing a repository within a perimeter controlled network for storing decrypted information prior to dissemination of the digital input information within the network.

32. The method of claim 25 wherein the step of applying content analysis includes controlling a perimeter guard computing device to perform real time content analysis of the digital input information passing through a perimeter before allowing the digital input information to be passed to a designated recipient.

33. A storage medium comprising:

a program executable by a computing mechanism that facilitates the following steps:

determining whether digital input information that includes at least one of a file, document and at least part of a body of a message is encrypted;

generating a request from the group of at least a content analysis request and a decryption request, based on the determination;

decrypting detected encrypted digital input information based on the generated request, wherein decrypting is done without using decryption executables contained in a header corresponding to the digital input information, if a header is present; and

applying content analysis to the decrypted digital input information prior to allowing use of the decrypted digital input information wherein content analysis includes performing virus detection to facilitate eradication of a detected virus.

34. The storage medium of claim 33 wherein decrypting includes receiving released cryptographic keys for use in content analysis of data stored for a number of different users from a controlled cryptographic key repository.

35. The storage medium of claim 33 wherein the program also facilitates periodically activating content analysis in encrypted digital information to perform batch content analysis in encrypted files stored in the file storage device.

36. The storage medium of claim 33 wherein the program 
also facilitates decryption operation on the encrypted digital 
input information prior to transferring of the digital input 
information for use by a target application. 

37. A computer based encryption and decryption system 
comprising: 

means for providing content analysis having means for 
determining whether digital input information that 
includes at least a part of one of a file, document and 
a body of a message is encrypted using a cryptographic 
key and for generating a decryption request to decrypt 
the encrypted digital input information prior to apply- 
ing content analysis to facilitate content analysis within 
encrypted digital input information; and 

means, responsive to the decryption request and the 
digital input information, for decrypting the encrypted 
digital input information prior to commence of the 
content analysis using a private decryption key of a 
public key pair, apart from within the content to facili- 
tate controlled content analysis wherein the private 
decryption key is accessed from a repository containing 
stored private decryption keys of a number of different 
users. 

38. The encryption and decryption system of claim 37, 
wherein the means for providing content analysis facilitates 
commencement of content analysis upon completed launch 
of a decrypting operation of the encrypted digital input 
information to facilitate content analysis prior to allowing 
subsequent transfer of the decrypted digital input informa- 
tion. 

39. The encryption and decryption system of claim 37, 
wherein the system is on a computer network having a file 
storage device containing digital information in files for at 
least one network user and the system includes means for 
periodically activating the means for providing content 
analysis in encrypted information to perform batch content 
analysis in encrypted files stored in the file storage device. 

* * * * *